arm64: Add CONFIG_DEBUG_SET_MODULE_RONX support

In a similar fashion to other architecture, add the infrastructure and Kconfig to enable DEBUG_SET_MODULE_RONX support. When enabled, module ranges will be marked read-only/no-execute as appropriate. Signed-off-by: Laura Abbott <lauraa@codeaurora.org> [will: fixed off-by-one in module end check] Signed-off-by: Will Deacon <will.deacon@arm.com>
author: Laura Abbott <lauraa@codeaurora.org> 2014-08-19 20:41:43 +0100
committer: Will Deacon <will.deacon@arm.com> 2014-09-08 14:39:18 +0100
commit: 11d91a770f1fff44dafdf88d6089a3451f99c9b6 (patch)
tree: db7874516b61d7df4d85e4529b9ea6e1033624e6 /arch/arm64/Kconfig.debug
parent: b6d4f2800b7bad654caf00654f4bff21594ef838 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/arch/arm64/Kconfig.debug b/arch/arm64/Kconfig.debug
index 4ee8e90b7a4..0a12933e50e 100644
--- a/arch/arm64/Kconfig.debug
+++ b/arch/arm64/Kconfig.debug
@@ -43,4 +43,15 @@ config ARM64_RANDOMIZE_TEXT_OFFSET
 	  of TEXT_OFFSET and platforms must not require a specific
 	  value.
 
+config DEBUG_SET_MODULE_RONX
+        bool "Set loadable kernel module data as NX and text as RO"
+        depends on MODULES
+        help
+          This option helps catch unintended modifications to loadable
+          kernel module's text and read-only data. It also prevents execution
+          of module data. Such protection may interfere with run-time code
+          patching and dynamic kernel tracing - and they might also protect
+          against certain classes of kernel exploits.
+          If in doubt, say "N".
+
 endmenu
author	Laura Abbott <lauraa@codeaurora.org>	2014-08-19 20:41:43 +0100
committer	Will Deacon <will.deacon@arm.com>	2014-09-08 14:39:18 +0100
commit	11d91a770f1fff44dafdf88d6089a3451f99c9b6 (patch)
tree	db7874516b61d7df4d85e4529b9ea6e1033624e6 /arch/arm64/Kconfig.debug
parent	b6d4f2800b7bad654caf00654f4bff21594ef838 (diff)